<?php
// Load the shared configuration before anything else runs.
// NOTE(review): the session and the database link used further down are presumably
// set up in config.php; neither is started on this page. Confirm.
require_once '../config.php';

// Access gate: stop before any markup is sent unless the session carries an 'admin' key.
// NOTE(review): isset() only proves the key exists and is not null. Whether its value
// must also be checked depends on how the login code sets it.
if (!isset($_SESSION['admin'])) {
	die('没有权限！');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html>
<head>
	<meta http-equiv="content-type" content="text/html; charset=UTF-8">
	<title>拾客>管理平台>模块</title>
	<style>
		body{margin: 20px;}
	</style>
</head>
<body>
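<?php 
// Admin user-management body: dispatches on ?action= to view / add / mod / del / find /
// list rows of the `user` table through the legacy mysql_* API.
//
// Request values are untrusted even behind the admin gate (a crafted link opened by a
// logged-in admin is enough), so on every path below:
//   - ids are cast to int before being concatenated unquoted into SQL,
//   - strings pass through mysql_real_escape_string() before being placed inside quotes,
//   - every value echoed into HTML passes through htmlspecialchars(ENT_QUOTES, 'UTF-8'),
//     including values read back from the database (stored markup would otherwise run
//     in the admin's browser).
// NOTE(review): 'add', 'mod' and 'del' change data without an anti-CSRF token, and 'del'
// is triggered by a plain GET link. Moving them to POST with a per-session token needs
// the links and forms reworked and is not done here.

// Default to '' so a missing ?action= reaches the list view without an undefined-index notice.
$action = isset($_GET['action']) ? $_GET['action'] : '';
echo '<h3>用户管理</h3>';
switch($action){
	case 'view':
		if(isset($_GET['id'])){
			// The id is concatenated unquoted into the query, so force it to an integer first.
			$id = intval($_GET['id']);
			$query = "SELECT * FROM user WHERE id=".$id;
			$result = mysql_query($query);

			// mysql_query() returns false on failure; never hand that to mysql_fetch_array().
			if($result && ($line = mysql_fetch_array($result, MYSQL_ASSOC))){
				echo "<p>浏览用户</p>";
				echo "<table>\n";
				echo "\t<tr><th>用户名</th><td>".htmlspecialchars($line['username'], ENT_QUOTES, 'UTF-8')."</td></tr>";
				echo "\t<tr><th>邮箱</th><td>".htmlspecialchars($line['email'], ENT_QUOTES, 'UTF-8')."</td></tr>";
				echo "\t<tr><th>注册日期</th><td>".htmlspecialchars($line['reg'], ENT_QUOTES, 'UTF-8')."</td></tr>";
				echo "\t<tr><th>最近登陆</th><td>".htmlspecialchars($line['lastlogin'], ENT_QUOTES, 'UTF-8')."</td></tr>";
				echo "</table>\n";
			}else echo '该用户不存在';
		}else echo '参数错误';
		break;
	case 'add':
	?>
		<p>添加用户</p>
		<form action="user.php?action=add" method="post">
		<table><tbody>
			<tr><th>用户名</th><td><input type="text" name="username" id="username"/></td></tr>
			<tr><th>密码</th><td><input type="password" name="password" id="password"/></td></tr>
			<tr><th>确认密码</th><td><input type="password" id="repasswd"/></td></tr>
			<tr><th>邮箱</th><td><input type="text" name="email" id="email"/></td></tr>
			<tr><th></th><td><input type="submit" value="添加"/></td></tr>
		</tbody></table>
		</form>
	<?php
		if(isset($_POST['username'])){
			// Absent or non-string fields (e.g. username[]=x) are treated as empty.
			$username = is_string($_POST['username']) ? $_POST['username'] : '';
			$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
			$email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

			if($username === '' || $password === ''){
				// Refuse to create an account with no name or an empty password.
				echo '<script>alert("用户名和密码不能为空");</script>';
			}else{
				// NOTE(review): unsalted MD5 is not adequate for password storage. The stored
				// format is kept because the login check that verifies it is not on this page;
				// migrate both together to password_hash()/password_verify().
				$hash = md5($password);

				// mysql_real_escape_string() escapes both quote styles, so the double-quoted
				// literals in this statement are covered.
				$query = 'INSERT INTO user VALUES(null, 0,"'.mysql_real_escape_string($username).'", "'.$hash.'", "'.mysql_real_escape_string($email).'", null, null)';
				// Report success only when the INSERT actually went through.
				if(mysql_query($query)) echo '<script>alert("用户添加成功");</script>';
				else echo '<script>alert("用户添加失败");</script>';
			}
		}
		break;
	case 'mod':
		echo '<p>修改用户</p>';
		if(isset($_GET['id'])){
			// Integer cast: $id is used unquoted in SQL and echoed into the form action below.
			$id = intval($_GET['id']);
			if(isset($_POST['username'])){
				$username = is_string($_POST['username']) ? $_POST['username'] : '';
				$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
				$safeName = mysql_real_escape_string($username);
				if($password === ''){
					// Empty password field means "leave the password unchanged".
					$query = "UPDATE user SET username='".$safeName."' WHERE (id=".$id.");";
				}else{
					// NOTE(review): the original read the salt from $_GLOBAS (a typo for
					// $GLOBALS). That variable is undefined, so the value stored works out to
					// md5($password), the same unsalted form the 'add' branch writes. The
					// stored value is kept so existing logins keep verifying. Unsalted MD5 is
					// not adequate for password storage; switch to password_hash() together
					// with the login code, which is not on this page.
					$query = "UPDATE user SET username='".$safeName."', password='".md5($password)."' WHERE (id=".$id.");";
				}
				// Report success only when the UPDATE actually went through.
				if(mysql_query($query)) echo '<p>修改成功</p>';
				else echo '<p>修改失败</p>';
			}else{
				$query = "SELECT * FROM user WHERE (id=".$id.");";
				$result = mysql_query($query);

				if($result && ($line = mysql_fetch_array($result, MYSQL_ASSOC))){
					echo "<form action='?action=mod&id=".$id."' method='post'>\n";
					echo "<table><tbody>\n";
					// ENT_QUOTES matters here: the attribute is single-quoted.
					echo "\t<tr><th>用户名</th><td><input type='text' name='username' id='username' value='".htmlspecialchars($line['username'], ENT_QUOTES, 'UTF-8')."'/></td></tr>";
					echo "\t<tr><th>邮箱</th><td>".htmlspecialchars($line['email'], ENT_QUOTES, 'UTF-8')."</td></tr>";
					echo "\t<tr><th>新密码</th><td><input type='text' name='password' id='password'/></td></tr>";
					echo "\t<tr><th>确认密码</th><td><input type='text' id='repassword'/></td></tr>";
					echo "\t<tr><th></th><td><input type='submit' value='修改'/></td></tr>";
					echo "</tbody></table></form>\n";
				}else echo '<p>该用户不存在</p>';
			}
		}
		break;
	case 'del':
		echo '<p>删除用户</p>';
		if(isset($_GET['id'])){
			$id = intval($_GET['id']);
			$query = "DELETE FROM user WHERE (id=".$id.");";
			// Kept out of $result: a DELETE yields a boolean, not a result set to be freed later.
			$deleted = mysql_query($query);
			if($deleted) echo '<p>删除成功</p>';
			else echo '<p>删除失败</p>';
		}
		break;
	case 'find':?>
		<p>查询用户</p>
		<form action="user.php?action=find" method="post">
		<table><tbody>
			<tr><th>用户名</th><td><input type="text" name="username" id="username"/></td><td><input type="submit" value="搜索"/></td></tr>
		</tbody></table>
		</form>
		<?php 
		if(isset($_POST['username'])){
			$username = is_string($_POST['username']) ? $_POST['username'] : '';
			// Escaped for the quoted LIKE literal. '%' and '_' typed by the admin still act as
			// wildcards, as they did before.
			$query = "SELECT * FROM user WHERE (username LIKE '%".mysql_real_escape_string($username)."%');";
			$result = mysql_query($query);
			// The search term is reflected into the page, so it is HTML-escaped like any other value.
			echo "<p>搜索'".htmlspecialchars($username, ENT_QUOTES, 'UTF-8')."'的结果</p>";
			echo "<table>\n";
			echo "\t<tr><th>用户名</th><th>邮箱</th><th>注册时间</th><th></th></tr>\n";
			while($result && ($line = mysql_fetch_array($result, MYSQL_ASSOC))){
				$rowId = intval($line['id']);
				echo "\t<tr><td><a href='?action=view&id=".$rowId."'>".htmlspecialchars($line['username'], ENT_QUOTES, 'UTF-8')."</a></td>\n";
				echo "\t\t<td>".htmlspecialchars($line['email'], ENT_QUOTES, 'UTF-8')."</td>\n";
				echo "\t\t<td>".htmlspecialchars($line['reg'], ENT_QUOTES, 'UTF-8')."</td>\n";
				echo "\t\t<td><a href='?action=mod&id=".$rowId."'>修改</a></td>\n";
				echo "\t\t<td><a href='?action=del&id=".$rowId."' onclick='return window.confirm(\"确定要删除？\");'>删除</a></td></tr>\n";
			}
			echo "</table>\n";
		}
		break;
	case 'list':
	default:
		// Unknown or missing actions land here and show the full user list.
		$query = "SELECT * FROM user";
		$result = mysql_query($query);
		echo "<p>用户列表</p>";
		echo "<table>\n";
		echo "\t<tr><th>用户名</th><th>邮箱</th><th>注册时间</th><td></td><td></td></tr>\n";
		while($result && ($line = mysql_fetch_array($result, MYSQL_ASSOC))){
			$rowId = intval($line['id']);
			echo "\t<tr><td><a href='?action=view&id=".$rowId."'>".htmlspecialchars($line['username'], ENT_QUOTES, 'UTF-8')."</a></td>\n";
			echo "\t\t<td>".htmlspecialchars($line['email'], ENT_QUOTES, 'UTF-8')."</td>\n";
			echo "\t\t<td>".htmlspecialchars($line['reg'], ENT_QUOTES, 'UTF-8')."</td>\n";
			echo "\t\t<td><a href='?action=mod&id=".$rowId."'>修改</a></td>\n";
			echo "\t\t<td><a href='?action=del&id=".$rowId."' onclick='return window.confirm(\"确定要删除？\");'>删除</a></td></tr>\n";
		}
		echo "</table>\n";
}
?>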
</body>
</html>
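<?php 
// End-of-page cleanup: release the last SELECT result and close the database link.
// $result is only a result resource after a successful SELECT. On the add/mod-submit
// paths it is never assigned, and on the del path it holds the boolean returned for a
// DELETE; passing either to mysql_free_result() raises a warning.
if(isset($result) && is_resource($result)) mysql_free_result($result);
// $conn is not defined on this page; presumably it is the link opened in config.php.
// Skip the explicit close if it is missing rather than warn on an undefined variable.
if(isset($conn) && is_resource($conn)) mysql_close($conn); ?>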